New DeFi hack: Alpha and Cream Finance robbed of over $37m

The trend of hacks against DeFi protocols is still very much alive this year. The latest victims were Alpha Finance Lab and Cream Finance, which lost around $37.5m this Saturday in a flash loan attack. Luckily, the users weren’t affected as such, but the CREAM price quickly fell by over 34%.

According to the report published by Alpha Finance after the attack, the exploit targeted their Ethereum protocol Alpha Homora V2, which is for “leveraging your position in yield farming pools”. The hacker carried out more than nine transactions involving flash loans, using this protocol to borrow sUSD from Cream’s Iron Bank.

The attacker manipulated the liquidity in the original pool in Homora Bank and ended up borrowing huge amounts of WETH, USDC, USDT, and DAI from the Iron Bank. They repeated the process and the flash loans until they had taken over $37m directly from the protocols. That’s why users’ funds weren’t affected this time.

Now, as indicated by Cream Finance on Twitter, their smart contracts and markets were investigated and they’re functioning as usual. For its part, Alpha Finance has already patched the vulnerability, and they’ve also declared that they’ll be working with more audit firms and trusted builders to improve the contracts in the future.

Yearn Finance (YFI) was hacked too

Sadly, the Alpha Homora hack wasn’t the first of the year. SushiSwap was hacked in late January, and, barely last week, Yearn Finance (YFI) was attacked too. In that case the attacker used a very complex exploit with flash loans, involving over 160 transactions between the protocol Aave and the YFI DAI vault. The latter lost around $11m, while the hacker kept $2.8m after the costs produced by the attack itself.

The price of the YFI token decreased by around 15% after the attack, but it has recovered very well since then. To deal with the losses, the Yearn Finance team opened a Maker vault from their treasury to mint 9.7m DAI and make the attacked vault whole again for the users. They say this would be a one-time occurrence, though, so they’re recommending buying coverage from the protocol Cover.

Meanwhile, against all odds, the DeFi ecosystem continues to grow. According to CryptoSlate, the total market capitalization for DeFi assets is over $66.45b, and it has grown by 18% during the last week. The total value locked in these protocols amounts to $40.6b [DefiPulse], and it’s been rising all month.

Featured Image by Markus Trier / Pixabay

Originally published at on February 13, 2021.
